IoT Gadget Vulnerability Testing

Here’s how you can check if your IoT gadgets are vulnerable to DNS rebinding attacks.

15:48 27 June 2018

A DNS rebinding attack allows a malicious webpage to access a local network. First disclosed more than a decade ago, the technique has recently resurfaced as a way to manipulate Internet of Things (IoT) gadgets, streaming entertainment gadgets and smart home equipment.

 

This week, researcher Brannon Dorsey has posted an essay explaining how smart home hardware can be vulnerable this trick. He explained that IoT devices can be hacked if they connect to a compromised DNS server. Hardware that can be manipulated by such attack includes WiFi routers, streaming music and video boxes, smart thermostats and all other connected appliances.

 

"Many of these devices offer limited or non-existent authentication to access and control their services," Dorsey explained. "They inherently trust other machines on the network in the same way that you would inherently trust someone you’ve allowed into your home."

 

"The implications and impact of an attack like this can have far reaching and devastating effects on devices or services running on a private network," Dorsey wrote. "By using a victim’s web browser as a sort of HTTP proxy, DNS rebinding attacks can bypass network firewalls and make every device on your protected intranet available to a remote attacker on the internet."